Security is security is security

Some security predictions for next year from Chris Pace, head of product marketing, Wallix.


2016 should be the year we stop categorising the difference between insider threats and external attacks. The biggest challenge for the year ahead will be joining up traditional perimeter defences with better protection against attacks from the inside.

2016: Time to review internal security

Gartner has predicted that 95% of cloud security failures will be the customer’s fault and, more specifically, will be attributable to poor internal security practices. Being able to fully trace and manage the internal movement of data isn’t just going to be important if you have a cloud provider.

It makes security sense too. If you look at the most high-profile hacks of recent years, weak internal defences are the common denominator. After the initial breach, when there are few internal barriers, lateral movement, and therefore damage, is easy. Strengthening internal access provision isn’t just a cyber threat deterrent; it also reduces the likelihood of data breaches by insiders, which actually account for the majority of data breaches. In 2016 we will have another reason too: complying with the EU’s GDPR will require a review of how data is stored, processed and moved.

Cyber risk mitigation: Steps to take before investing in a cyber insurance policy

If your firm is considering a cyber insurance policy, you are not alone. Cyber is now considered the biggest threat to UK businesses and the meteoric rise of the cyber insurance market is proof of that demand. Paying an insurance company to share some business risk makes good commercial sense. But be warned: putting a cyber-premium in place does not guarantee a payout should a breach occur unless all required security measures are enforced. According to a study we conducted, around half of IT pros weren’t able to tell if necessary security software updates were being made successfully, or if ex-employees or contractors still had access to the systems. It is better, instead, to focus on getting some of these basic security measures in place and ensuring the IT department is involved in any decision making regarding a cyber policy from the start.

Data loss to become a people issue, not just a tech problem

CISOs under pressure to provide impermeable defences against external threats may be relieved to hear that current thinking suggests enterprise security should be managed holistically, i.e., by the IT department working in conjunction with other business areas, like HR. Organisations may be missing ‘predictable behaviour cues’ that would presage a hack. In the holistic model, the IT department provides the IT security tools and the HR department provides the appropriate processes and procedures that need to be followed, as well as creating a necessarily more ‘vigilant’ culture.

With the Christmas bonus season nearly upon us, what’s the chance that a disappointed worker will start to display behaviour that warrants closer scrutiny?

TalkTalk Lessons: IT security needs to come out of the shadows

I sincerely hope there will be many lessons learned from the TalkTalk hack. Perhaps the most important is to have strong, IT-literate leadership. If cybercrime is the number one threat to UK business, why are there so few technology experts at board level? TalkTalk should be the battering ram security professionals use to open up the C-suite over the next 12 months.
